--NtwzykIc2mflq5ck
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Jan Schaumann <jschauma@netmeister.org> wrote:
=20
> I was thinking about doing it as part of the 'upload' script (ie more of
> (b) than (a)), with a knob to pgp sign the final checksum file (which
> would introduce/require interaction).
I've just committed the bits to the upload script to do just that.
Given that it's a trivial addition, I see no harm. Better to have the
checksum files (even if not many people make use of them) until we have
pkg* tools that actually provide signatures for each package.
Per default, no checksums are created. If the bulk-building party wants
to create checksums, then they need to set
MKSUMS=3Dyes
in the environment (or in BULK_BUILD_CONF).
If they want to sign the checksum files using gpg(1) (which of course
introduces interaction before the actual uploading is done), then they
need to set
SIGN_AS=3Dusername@NetBSD.org
in addition.
-Jan
--=20
'I have reached an age where my main purpose is not to receive
messages.' --- Umberto Eco, quoted in the New Yorker
--NtwzykIc2mflq5ck
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
iD8DBQFB9G+lfFtkr68iakwRAkhbAJ41ZHkkE2PD82ETFbfYtTMna1RKYwCeJ1fn
kEoE910/7uhpVD69CBsBszM=
=AdUi
-----END PGP SIGNATURE-----
--NtwzykIc2mflq5ck--